It’s much less noticeable than a thinner profile or trick digicam lenses, however Apple is declaring one other improve within the iPhone 17 household of telephones that it says is a part of “probably the most vital improve to reminiscence security within the historical past of client working programs.” Explicitly concentrating on the spy ware business that produces exploits for instruments like Pegasus to hack on focused gadgets, a collection of modifications in Apple’s chips, OS, and improvement instruments are a part of what it calls Reminiscence Integrity Enforcement (MIE).
With the introduction of the iPhone 17 lineup and iPhone Air, we’re excited to ship Reminiscence Integrity Enforcement: the business’s first ever, complete, always-on memory-safety safety overlaying key assault surfaces — together with the kernel and over 70 userland processes — constructed on the Enhanced Reminiscence Tagging Extension (EMTE) and supported by safe typed allocators and tag confidentiality protections.
The strategy is just like what we’ve seen from Microsoft’s introduction of reminiscence integrity safety features for Home windows 11, in addition to a collection of modifications which have arrived to stop speculative-execution vulnerabilities like Spectre. Apple’s weblog put up additionally mentions efforts by ARM with the Reminiscence Tagging Extension (MTE) to struggle reminiscence bugs, which is supported on Google’s Pixel telephones beginning with the Pixel 8 collection and enabled for supported apps for those who activate Superior Safety.
Apple says its implementation goes a step additional, with the power to guard all customers by default and by designing its A19 and A19 Professional chips for enhanced safety, whereas nonetheless including reminiscence security modifications for older {hardware} that doesn’t help the brand new reminiscence tagging options. The corporate additionally says its new mitigation for Spectre V1 leaks works with “nearly zero CPU price” — as efficiency hits have been a difficulty for reminiscence integrity and different safety features — with the entire modifications making “mercenary spy ware” much more costly to develop.
The oldsters behind the security-focused GrapheneOS challenge acknowledged the “main safety enhancements” that may assist iPhone safety in a put up on X, however additionally stated that they had points with the presentation and the way it portrayed iOS safety vs options like MTE, already launched for Android. We’ll be taught extra about how a lot has modified as soon as these updates attain gadgets and attackers take their flip making an attempt to crack open the iPhone 17 and iPhone Air’s safety.